diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2017-06-16 15:19:18 +0200 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2017-06-22 19:31:01 +0000 |
| commit | 07f576ffeb2bfabecaefbe24088a2858f47d4642 (patch) | |
| tree | ee51b1043b254b4b86b8422c5e86d643c81d8cf8 /tshark.c | |
| parent | 2954a69d7d5627bf330eb9bb05eb5a1274e01f3a (diff) | |
Add --no-duplicate-keys tshark option.
Adds the --no-duplicate-keys option to tshark. If -T json is specified,
this option can be specified in order to transform the duplicate keys
produced by -T json into single keys with as value a json array of all
separate values.
Specifying --no-duplicate-keys changes the function which groups node
children that is passed to write_json_proto_tree. Instead of a function
that puts each node in a separate group (proto_node_group_children_by_unique)
a function is passed that groups children that have the same json key
together (proto_node_group_children_by_json_key). This will lead to
some groups having multiple values. Groups with multiple values are
written to the output as a json array. This includes normal json keys
but also keys with the "_raw" and "_tree" suffix.
If --no-duplicate-keys is specified with an option other than "-T json"
or "-T jsonraw" or without -T an error is shown and tshark will exit.
"Export Packet Dissections -> As JSON" in the GUI is hardcoded to use
the duplicated keys format.
Fixes one regression in the output where a filtered json key (-j) with
both a value and children would not have the "_tree" suffix added to the
json key containing the children.
Includes a little code cleanup (removes one instance of code
duplication and simplifies a while loop).
Fixes a memory leak (I thought this fix was already included in the
previous refactor patch but something must have gone wrong when updating
the patch so I'm including it again in this patch).
Bug: 12958
Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe
Reviewed-on: https://code.wireshark.org/review/22166
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'tshark.c')
| -rw-r--r-- | tshark.c | 23 |
1 files changed, 21 insertions, 2 deletions
@@ -156,6 +156,7 @@ * ui/commandline.c, so start tshark-specific options 1000 after this */ #define LONGOPT_COLOR (65536+1000) +#define LONGOPT_NO_DUPLICATE_KEYS (65536+1001) #if 0 #define tshark_debug(...) g_warning(__VA_ARGS__) @@ -206,6 +207,9 @@ static output_fields_t* output_fields = NULL; static gchar **protocolfilter = NULL; static pf_flags protocolfilter_flags = PF_NONE; +static gboolean no_duplicate_keys = FALSE; +static proto_node_children_grouper_func node_children_grouper = proto_node_group_children_by_unique; + /* The line separator used between packets, changeable via the -S option */ static const char *separator = ""; @@ -446,6 +450,9 @@ print_usage(FILE *output) fprintf(output, " requires a terminal with 24-bit color support\n"); fprintf(output, " Also supplies color attributes to pdml and psml formats\n"); fprintf(output, " (Note that attributes are nonstandard)\n"); + fprintf(output, " --no-duplicate-keys If -T json is specified, merge duplicate keys in an object\n"); + fprintf(output, " into a single key with as value a json array containing all\n"); + fprintf(output, " values"); fprintf(output, "\n"); fprintf(output, "Miscellaneous:\n"); @@ -664,6 +671,7 @@ main(int argc, char *argv[]) LONGOPT_DISSECT_COMMON {"export-objects", required_argument, NULL, LONGOPT_EXPORT_OBJECTS}, {"color", no_argument, NULL, LONGOPT_COLOR}, + {"no-duplicate-keys", no_argument, NULL, LONGOPT_NO_DUPLICATE_KEYS}, {0, 0, 0, 0 } }; gboolean arg_error = FALSE; @@ -1436,6 +1444,10 @@ main(int argc, char *argv[]) case LONGOPT_COLOR: /* print in color where appropriate */ dissect_color = TRUE; break; + case LONGOPT_NO_DUPLICATE_KEYS: + no_duplicate_keys = TRUE; + node_children_grouper = proto_node_group_children_by_json_key; + break; default: case '?': /* Bad flag - print usage message */ switch(optopt) { @@ -1451,6 +1463,12 @@ main(int argc, char *argv[]) } } + if (no_duplicate_keys && output_action != WRITE_JSON && output_action != WRITE_JSON_RAW) { + cmdarg_err("--no-duplicate-keys can only be used with \"-T json\" and \"-T jsonraw\""); + exit_status = INVALID_OPTION; + goto clean_exit; + } + /* If we specified output fields, but not the output field type... */ if ((WRITE_FIELDS != output_action && WRITE_XML != output_action && WRITE_JSON != output_action && WRITE_EK != output_action) && 0 != output_fields_num_fields(output_fields)) { cmdarg_err("Output fields were specified with \"-e\", " @@ -3901,11 +3919,12 @@ print_packet(capture_file *cf, epan_dissect_t *edt) case WRITE_JSON: write_json_proto_tree(output_fields, print_dissections_expanded, print_hex, protocolfilter, protocolfilter_flags, - edt, stdout); + edt, node_children_grouper, stdout); return !ferror(stdout); case WRITE_JSON_RAW: write_json_proto_tree(output_fields, print_dissections_none, TRUE, - protocolfilter, protocolfilter_flags, edt, stdout); + protocolfilter, protocolfilter_flags, + edt, node_children_grouper, stdout); return !ferror(stdout); case WRITE_EK: write_ek_proto_tree(output_fields, print_hex, protocolfilter, |